Solved

Using virtualized domain controller as NTP source?

Posted on 2015-01-13
Last Modified: 2015-01-14
Hi,

I'm currently planning to change the current NTP provider from a physical old Windows 2003 server into the new Windows Server 2008 R2 Domain Controller running as VMware virtual machine.

So what are the caveats or the steps that I need to know to avoid any issue in using a VM as the NTP for the entire company / Data Centre?

Do I have to transfer the FSMO role to another Domain Controller to do this, or is this just a simple Group Policy change to point to another virtualized Domain Controller?

Thanks.
0
13 Comments
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 167 total points
As far as the NTP clients are concerned, it's just a change in Group Policy. They won't know if the NTP server is a VM or not, nor will they care.

Before you set your 2008 R2 DC as the NTP Server for your entire domain, make sure you've disabled the time synchronization between the host and the VM, otherwise you may experience issues with time drift even if you configure the server to use an external time source.

On that topic - what do you plan on using as your time source on the 2008 R2 DC? Will you be using an external time source such as ntp.pool.org?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Yes, correct, I will be using that pool.ntp.org list with a space in between the entries in the GPO.

How do I disable the time sync with the ESXi hosts?
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 167 total points
See the steps in this article to disable time synchronization in ESXi: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1189

You'll need to shut down the VM and follow the steps in the above article if you want to completely disable time synchronization.
0
 
LVL 117

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE)
Andrew Hancock (VMware vExpert / EE MVE) earned 333 total points
Make sure that the old and new NTP Servers are running and issuing the same time!
0
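
One way to run the check suggested above before repointing clients, as an added example that is not part of the original thread: it samples both servers with `w32tm /stripchart` and compares their offsets. The host names and the alert threshold are placeholders.

```powershell
# Added example; host names and threshold are placeholders, not values from the thread.
$OldServer       = 'old-ntp.example.local'   # physical Windows 2003 time server (placeholder)
$NewServer       = 'new-dc.example.local'    # Windows 2008 R2 DC virtual machine (placeholder)
$Samples         = 5
$MaxDeltaSeconds = 1.0   # assumed alert threshold; Kerberos tolerates 5 minutes by default

function Get-NtpOffsetSeconds {
    param(
        [Parameter(Mandatory = $true)][string]$Computer,
        [int]$Samples = 5
    )
    # With /dataonly, w32tm prints one "HH:MM:SS, +00.0123456s" line per sample:
    # the target's clock minus the local clock, in seconds.
    $output = & w32tm /stripchart "/computer:$Computer" "/samples:$Samples" /dataonly 2>&1

    $offsets = @(foreach ($line in $output) {
        if ("$line" -match ',\s*([+-]\d+\.\d+)s\s*$') { [double]$Matches[1] }
    })
    if ($offsets.Count -eq 0) {
        # Lines such as "error: 0x800705B4" mean no NTP reply was received.
        throw "No usable samples from $Computer (time service stopped or UDP 123 blocked?)"
    }
    ($offsets | Measure-Object -Average).Average
}

$old = Get-NtpOffsetSeconds -Computer $OldServer -Samples $Samples
$new = Get-NtpOffsetSeconds -Computer $NewServer -Samples $Samples

# Both offsets are relative to this machine, so the local clock cancels out.
$delta = [math]::Abs($old - $new)

'{0,-28} {1,12:N6} s' -f $OldServer, $old
'{0,-28} {1,12:N6} s' -f $NewServer, $new
'{0,-28} {1,12:N6} s' -f 'difference', $delta

if ($delta -gt $MaxDeltaSeconds) {
    Write-Warning "Old and new time servers disagree by $delta s; fix before switching clients."
    exit 1
}
```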
 
LVL 7

Author Comment

by:Senior IT System Engineer
Thanks for the suggestion Andrew,

What do you mean by old and new?
Do you mean I must check both the VM and the physical box so that there is no more than 5 minutes difference?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
And last question... Do I need to transfer the FSMO role PDC emulator from this physical Windows 2003 box to the Windows 2008 R2 VM?
0

 
LVL 117

Accepted Solution

by:Andrew Hancock (VMware vExpert / EE MVE)
Andrew Hancock (VMware vExpert / EE MVE) earned 333 total points
Hang on, I've just seen this... do you have the option of using an external NTP source on the ESXi hosts, rather than a virtual machine?

We set up as follows:

1. ESXi hosts - External Time Source

2. Windows PDC Emulator - External Time Source (same source as 1)

3. Do not Sync time to hosts in the VMs.

4. Windows VMs in the Domain will get time from PDC emulator

5. Linux/Unix VMs external time source as 1.

(otherwise you have an issue when ESXi starts, there is no time source available because the VM is not started, and if the time is apart by over 1/2mins it will not sync)
0
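
Steps 2 and 3 of the layout above, sketched for the Windows side as an added example that is not part of the original thread. It assumes it is run elevated on the domain controller meant to be the time root; the pool.ntp.org member names are chosen for illustration, and the VMware Tools path is the default install location.

```powershell
# Added example; peer names and the VMware Tools path are assumptions, not from the thread.
# Space-separated peer list; the 0x8 flag makes w32time query each peer in client mode.
$Peers = '0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8'

# Domain members follow the PDC emulator, so refuse to run on any other server.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$pdc    = $domain.PdcRoleOwner.Name
if ($pdc.Split('.')[0] -ne $env:COMPUTERNAME) {
    throw "PDC emulator is $pdc, not this server. Configure the external source there."
}

# Point the Windows Time service at the external peers and mark this DC as reliable.
w32tm /config "/manualpeerlist:$Peers" /syncfromflags:manual /reliable:yes /update
Restart-Service w32time
w32tm /resync /rediscover

# Confirm the service now reports an external peer rather than
# "Local CMOS Clock" or "VM IC Time Synchronization Provider".
w32tm /query /source
w32tm /query /status

# Turn off periodic VMware Tools time sync inside the guest, if Tools is installed.
# This does not cover the one-off syncs described in the VMware KB linked earlier
# in the thread; those need the VM configuration change made with the VM shut down.
$toolbox = Join-Path $env:ProgramFiles 'VMware\VMware Tools\VMwareToolboxCmd.exe'
if (Test-Path $toolbox) {
    $state = & $toolbox timesync status
    if ("$state" -match 'Enabled') {
        & $toolbox timesync disable
    }
    "VMware Tools periodic time sync: $(& $toolbox timesync status)"
}
```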
 
LVL 7

Author Comment

by:Senior IT System Engineer
Hmm I got confused myself here.

So my initial plan is to do the following:

All Windows servers and workstations sync to the new Windows Server 2008 R2 VM (not yet PDC emulator). This VM is synchronized to the external source of pool.ntp.org --> I'm wondering if I have to transfer the FSMO role to the new Win2008R2 VM or if it is not necessary.

All ESXi hosts sync to this one VM above.
All network devices (switch, router, SAN, NAS, etc...) sync to the same Windows 2008 R2 VM.

Would that be possible?
0
 
LVL 117

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE)
Andrew Hancock (VMware vExpert / EE MVE) earned 333 total points
Windows and Workstations will sync against the domain, so, no need to change anything there.

Yes, that's a good plan.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Cool, thanks for the quick reply.

So why does your configuration for the ESXi point to the external NTP source rather than the Windows PDC role VM?
I'm curious to know the reasoning on your configuration #1 (1. ESXi hosts - External Time Source).

As for configuration #3 (3. Do not Sync time to hosts in the VMs.), only the PDC emulator role VM that does not sync with the ESXi servers.
0
 
LVL 117

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE)
Andrew Hancock (VMware vExpert / EE MVE) earned 333 total points
We have seen the NTP service on the ESXi host stop, and if you are syncing VMs with the host, they get the wrong time, so hence, sync time with domain.

We always like to sync servers with an external time source, we have seen issues on occasion with ESXi syncing with Domain, also we like to sync Physical Host to Physical Device, we have GPS and NTP Appliances.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Ah, I see,

So by "ESXi syncing with Domain", do you mean the issues occurred when the ESXi synced the time with the PDC emulator role running as a VM?
0
 
LVL 7

Author Closing Comment

by:Senior IT System Engineer
Thanks!
0
